#stephen_oauth-questions

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• stephenbnetn_api, 1 day ago, 200 messages

👋 Welcome to your new thread!

⏲️ We'll be here soon! We typically respond in a few minutes, but in some cases we might need a bit more time (e.g., server's busy, you've got a complex question, etc.).

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1248721389784006817

📝 Have more to share? Add details, code, screenshots, videos, etc. below.

Hey again guys. Once again thank you for your help the other day. Everything went really well. Just one question surfaced that i wasn't sure about. Mostly its to do with the way i see accoutns get nested and not sure if the account i think will be connected will be the one i want. So using my demo account where i log in and see a bunch of drop down accounts in the top left, i will select Inc-connect-test. If Comapany A had Oauth access and can send that OAUTH api call that creates the link for us to use to authenticate. Will that result in our Inc-connect-test being set as the connected customer for Company A in their connect section? OR will there be a New Business accoutn created as a sub section in our Inc-Connect-test?

Hi, are you've selected Inc-connect-test > and using oAuth, you would create a connected account on this account. I do not know understand what you mean by 'subsection' though

Are you able to clarify?

sure

Better yet, do you have an account ID example that I can confirm

so i have a bunch of options i can choose from in that drop down

the one chosen is the one i am referencing

so the intent is that Another company NOT tied to this account will want to share tokens with this account

I was told that this API call would allow authorization for the other company (INC) to create us as a connected account

2. Inc Calls to Obtain OAuth Authorization for NetNation to sue:
   o Inc Aurhority redirects NetNation to Stripe’s OAuth authorization page:
   o https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_1HXXXXXXXXXXXXXXX&scope=read_write
   o Inc Authority authorizes NetNation with an Access Token
   o curl https://connect.stripe.com/oauth/token
   o -d client_secret=sk_test_inc_secret_key
   o -d code=AUTHORIZATION_CODE
   o -d grant_type=authorization_code

what Bismarck walked me through to help me prove the concept was not quite proving the connect because unfortunately this test account inc-connect-test is not validated to be able to use Oauth, so we did the next best thing

i used an API call to create a customer:
curl https://api.stripe.com/v1/accounts
-u "sk_test_123:"
-d type=standard

so the result was this:

i think went into that and created a customer under it and added a credit card. WHich is great because it allowed me to see that when an account is connected it is very simple to add a customer and a credit card. Unfortuately it was only able to prove that though. ANd i want to ensure that when Company A is able to make Oauth requests and allows us to validate with our account (inc-connect-test), would this connect section on their dashboard show our INC-Connect-test in this section? OR will this create an account under our inc-connect-test main account that it will link?

basically i'm just not sure how the account structures behave and exactly what we are connecting to company A connect section when validating with Oauth

does my question make sense?

Can you clarify what you meany by 'ANd i want to ensure that when Company A is able to make Oauth requests and allows us to validate with our account (inc-connect-test), would this connect section on their dashboard show our INC-Connect-test in this section'?

sure. So the requirement is that COMPANY A connect with our Company (COmpany B) so they can create customers and tokens in our account (Company B). IN order to do that we need to create our company as a connected account under COMPANY A connect section. Does that sound accurate so far?

Yes, that is accurate

Okay so what i was told is that the first step to be able to do that is to create that Oauth authentication link request:

Inc Calls to Obtain OAuth Authorization for NetNation to sue:
o Inc Aurhority redirects NetNation to Stripe’s OAuth authorization page:
o https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_1HXXXXXXXXXXXXXXX&scope=read_write
o Inc Authority authorizes NetNation with an Access Token
o curl https://connect.stripe.com/oauth/token
o -d client_secret=sk_test_inc_secret_key
o -d code=AUTHORIZATION_CODE
o -d grant_type=authorization_code

that would allow Company A to be able to create customers and tokens in our account. Is THAT accurate so far?

Yes!

Okay so if Company A makes that API call and we respond to it to complete that handshake. That token they get will allow them to make calls to add the customer to our account and token. What i'm wondering is, what is the SCOPE of the access Company A has. From my test with Bismarck i saw the connected account in the CONNECT section with the user ID as shown in that picture:

Would company A log into their dashboard and go to their connect section after that authentication is made and see our main account inc-connect-test in that section?

or would we still need to create a seperate sub account to which they write to?

Company A is the Platform Accont here. Company B is the Connected Account which in this case is Standard Connect, https://docs.stripe.com/connect/standard-accounts. As the Platform account you can make direct charges, https://docs.stripe.com/connect/direct-charges?platform=web&ui=elements by using the Stripe Account Header, https://docs.stripe.com/connect/authentication

yup i get that

They would not need to create a separate account in this case

okay so doing that auth request means that Company A will see our Inc-Connect-test account in their connect section. SO they would be able to create customers and tokens directly into that account?

Company A would go to the Connect Section, and the be able to look at the connected accounts which Company B would be

Can we keep referring to Company A and Company B here?

yes sorry

Company A would be able to create customers and tokens direct on Company B, yes

but to be clear thats where my confusion is. IF Company B can be referred to by any sub accounts

let me show you how i see it. And you correct me if i'm wrong

Company B can create customer on their account, but they can't create any requests on behalf of Company A.

NetNation is us COMPANY B
Inc AUthority is them COMPANY A

ok

am i correct in that screenshot to think that COMPANY A or B can have multiple accounts that can be considered nested sub account? THose would be the options in the top left hand corner

or are they all just considered accounts and Stripe has managed to connect them all to our dashboard by some PARENT ID

Well, in the above, it looks like Company A and Company B are both Platform Accounts, separate from each other.

yes they would be

exactly

in our production instance. We (Company A) currently do have a platform that we charge customers over

through stripe

Company B also has one

WE want Company B to share their credit card with us for customers who buy the combined package

Is this still possible if both are platoform accounts?

also sorry i've been referring to us as COMPANY B and just inversed it in that description. But you get the point

Ah, no that is not possible. Two separate Platforms can't share objects like you described. However, you can clone payment methods across different connected accounts as a Platform. For instance, if Company A has two connected Accounts, you can create a Payment Method on the Platform Account and cloned them to Connected Account 1 and Connected Account 2, https://docs.stripe.com/payments/payment-methods/connect#cloning-payment-methods.

oh shoot.. i guess i've been off.

so wait let me understand what you said.. and let me just adjust this.. so Company A is THEM and Company B is us. SO what you're saying is this?

Company A can have a platform Account and use it to create the token and Customer account on a connected account that company B owns? Conpany B could then clone that accross to its Platform account? is that correct

Or is there just no way to get a token from one platform to another in an automated fashion?

could company A and Company by share a connected account?

There is not a work around. Both of the Connected Accounts would need to be connected to that one Platfrom Account.

so what Exactly is a connected account then if its not a normal account that i sign up with. Meaning if i go to stripe and sign up for a stripe account and someone else signs up for a stripe account. Does that mean both are platform accounts?

Not necessarily, you would need to turn that functionality on.

The thing is that company B is not using their platform for charges at all. They would only be creating an account so they could send a token into ours.

So essentially WE company B are the ones who are doing the charges and company A just needs to send it to our account. Is it possible for them NOT to be a platoform account and send the payment token to US? Or does the initiator always have to be the platform account?

can you think of any way to do this?

There is not a way to do it the other way around like you described and there is not a workaround.

You would have a Platform Account, and Create Connected Accounts to then make the charges and move funds.

but those connected accounts could still transact on those cards right?

what would be the difference between what a platform account can do that a connected account cannot

for instance we as a company use stripe to charge our customers with credit cards on stripe side but we control when the billing is initiated, trasnacted and we use your API to do so. Could a connected account achieve that as well

Meaning we at Company A could just turn our account into a connected account for Company B to send tokens to and then we can continue to transact against that connected accoutn as usual?

Yes, the Standard Connected Account create payments on their account. What do you mean by 'continue to transact against that connected account as usual'?

Let me explain the broarder situation. We as a company have many partners. Each one of those partners buy certain services from us. Currently we have a number of stripe accounts where our platform calls via stripe elements in our order form to create credit cards and customers. We have monthly billing where we essentially call stripe for that customer and token and create payment intents and transact, or refund, pre-auth, etc.

this partner INC is one of them

so currently i assume our account that transacts for the inc partnership from our platform is a platform account

can you confirm this?

That's more something you would tell us, we can't really confirm it for you

i can't because i don't understand what consitutes a platform account

stephen_oauth-questions

thats what i'm confused about at the moment

acct_1JUeBXKPqVxPLabz
acct_1IIi45DuBSIw50L2

those are the two production accounts

Those are 2 Stripe accounts, completely unrelated to each other. They each have their own API keys and integrations.

okay.. so are each one of those accounts considered platoform accounts?

or is the main account that i'm logged into that shows both of these considered platform accounts?

okay.. so are each one of those accounts considered platoform accounts?
no, none of those accounts are platforms.

or is the main account that i'm logged into that shows both of these considered platform accounts?
Nope, it's not a platform either

Okay so either of these accoutns could be used to connect to another platform account? or because they are already in this platform account another could not connect them right?

Both of those accounts can be connected to other platforms. Yes.
Both of those accounts could become platforms themselves and have connected accounts. This is an integration decision to turn an existing Stripe account in a platform.

because they are already in this platform account
they are not. Nothing is a platform in any of those two accounts or what you see.

Let me try to say something:
You think that because you have 2 Stripe accounts under the same email address/login in the Dashboard they are "under a platform" and "connected" to each other because as a user you can switch between each of them in the Dashboard.
^ is this a fair assessment of what you are thinking?
If so, that is incorrect (though I definitely see why you thought that)

At the moment yes i was lead to believe that. BUt i was not earlier today. hahaha i'm a bit confused trying to solve this puzzle

If we consider this account for instance: acct_1IIi45DuBSIw50L2

it is being managed through the dashboard where i log into with one email address

THat company is a partner of ours that we currently do business with. THey send customers to our platform and tehy give us their credit card to order services.

The problem we face is that those customers have already given their credit card to the partner once in the process. SO asking for it again is a very bad experience

so what we are trying to do is come up with a way that our partner can sign up for a stripe account so they can put the token in their account and then share that token with us to our stripe accoutn

connected accounts seemed to be the way to do this

could company B sign up for a stripe account and connect this account acct_1IIi45DuBSIw50L2 to theirs so they could put tokens into it?

yes

okay so even though its being managed through our user interface it can be connected to

BRILLIANT

So when they call that Oauth authenticated request where they redirect us to that link and we complete the handshake

COmpany B could go to their connected account section and see acct_1IIi45DuBSIw50L2 account in there?

Kind of. Sorry you're saying some words that are relevant but it's not really clear what you mean. But unless you are the developer that is going to build all of this code end to end I think it's best to leave to your development team to figure out.
If you are the developer though I'm happy to help but would need more details.

COmpany B could go to their connected account section and see acct_1IIi45DuBSIw50L2 account in there?
yes

how would this API request ensure thats the right account? WOuld that accoutn number go in the Oauth URI where the xxxxxx are in this example?
o Inc Aurhority redirects NetNation to Stripe’s OAuth authorization page:
o https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_1HXXXXXXXXXXXXXXX&scope=read_write
o Inc Authority authorizes NetNation with an Access Token
o curl https://connect.stripe.com/oauth/token
o -d client_secret=sk_test_netnation_secret_key
o -d code=AUTHORIZATION_CODE
o -d grant_type=authorization_code

https://connect.stripe.com/oauth/authorize?response_type=code&client_id=acct_1IIi45DuBSIw50L2&scope=read_write <---Like that?

nope none of what you said really

hahaha shot in the dark

Are you the developer that is going to write the code? If not, it would be much easier to leave that to the developer instead.

I am their planner so i do understand that

but we've been given a lot of different info so please bare with me. I am a developer

i can keep up

Okay but it's much easier to let the person who will build the code either talk to us or try it. If you are a developer you should be able to try the OAuth flow in a few minutes at most and it'd click immediately in your head then.

#1 Go to the OAuth page https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_123&scope=read_write
the ca_123 is a unique id that is part of the platform account, they get it when they sign up for Stripe Connect. That would be obtained by Company B
#2 Pick the right Stripe account in that UI (you seem to have 2 so you'd pick the right one) and authorize platform B to see your ingo
#3 Get sent back to Company B's URL/website where they write code to finish the connection (the curl you shared above).
#4 All set, Company now can see you account in the list of connected accounts (you have never seen this view yet, you don't use Connect yet). And they can make requests on your behalf

Okay thank you, it was #2 i wasn't sure of. So essentially following the Oauth link would ask me to log into our account first where both accoutns are found and will be an option to select. Once done that will send us back to them to compelte the handshake.

one more quick question. How often will this token need to be updated. I was previously told that it has no end of life so we would theoretically only need to do it to start the connected account right?

correct no end of line. There's no real token, you can ignore the token entirely. It's kind of a handshake to get access to your account forever (until you explicitly revoke their access)

great so this could be done with a dev on each side to start just sending some curl requests and sharing some data to set it up

Thank you so much. You cleared up a lot in a short amount of time.

happy to!

Have a great day

also you deserve a raise

😉